360-CERT每日安全简报
Daily Security Briefing
2020-11-16 星期一
漏洞 Vulnerability
CNVD-2020-58394: 用友U8-OA存在SQL注入漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-58394
CVE-2020-16009: Chrome V8 类型混淆漏洞
https://cxsecurity.com/issue/WLB-2020110122
安全研究 Security Research
挖洞经验 | 利用开放重定向漏洞劫持GitHub Gist账户
https://www.freebuf.com/articles/web/252515.html
安全事件 Security Incident
The North Face 网站遭受凭证填充攻击导致用户信息泄漏
https://securityaffairs.co/wordpress/110952/data-breach/the-north-face-credential-stuffing.html
美国网络电视服务Pluto TV 320万用户数据泄漏
https://www.bleepingcomputer.com/news/security/hacker-shares-32-million-pluto-tv-accounts-for-free-on-forum/
恶意软件 Malware
Cencosud受Egregor勒索软件攻击
https://www.bleepingcomputer.com/news/security/retail-giant-cencosud-hit-by-egregor-ransomware-attack-stores-impacted/
安全工具 Security Tools
0xjiayu/go_parser: IDAPro 的GO二进制文件处理脚本
https://github.com/0xjiayu/go_parser
thewhiteh4t/FinalRecon: python编写的信息收集工具
https://github.com/thewhiteh4t/FinalRecon
安全报告 Security Report
卡巴斯基:2020-Q3邮件/网络钓鱼报告
https://securelist.com/spam-and-phishing-in-q3-2020/99325/
酒店POS软件中的ModPipe后门
https://www.welivesecurity.com/2020/11/12/hungry-data-modpipe-backdoor-hits-pos-software-hospitality-sector/
安全资讯 Security Information
常见的API漏洞
https://www.hackread.com/the-most-common-api-vulnerabilities/
ICS领域数字取证技术
https://www.freebuf.com/articles/ics-articles/253382.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn